Static route for Public IP NIC


I have a server with two NICs, one for the internal connection ( and a second NIC for external connection (public IP). From what I understand, I need to set up static routes on the server since I can set only one 'default gateway.' This is where the confusing part starts; is the static route set for the public IP address to see the internal network? I think I don't understand this well enough, hence the confusion. Any routing guru out there to help me shed some light on this process?

Thank you!
Alan Dala, IT, Asked:

jorge diaz, SE, Commented:
Hi there,

What are you trying to accomplish? Also, what OS are you running on?

Fred Marshall, Principal, Commented:
If the server is the internet gateway for the network then the internal LAN NIC wouldn't have a gateway address.

If another device is the internet gateway for the network then workstations would use its LAN address as their gateway.

On the external/public NIC, the gateway address should be in accordance with the service being provided - generally from your ISP.

Nonetheless, something seems to be missing in the description here.
What services are running on this server to accommodate internet connections from the LAN NIC side - if that's the intent.

RantCan, Sr. Systems Administrator, Commented:
Ensure that your server is sufficiently hardened if it will be internet available, i.e. not behind a firewall.

Alan Dala, IT, Author Commented:
Thank you for your responses. This server has a small website on it. One NIC is on the private network and the second one is in the DMZ. From what I understand, you set the gateway only on the private network NIC and set static routes for the public IP NIC to be able to route packets. Is that accurate?

Fred Marshall, Principal, Commented:
I don't think it's completely accurate.  But then, I already commented on that...

IF it's the LAN gateway then no gateway address on the LAN NIC.

jorge diaz, SE, Commented:
I believe it goes like this: your LAN int should be configured with ip\sm, the WAN int should be configured with ip\sm\dg. You add a static route for the LAN network to access other networks if it needs to.

that would cover the routing, there's a lot more to do depending on the OS. Things like dns\wins and protocol binding order.

Alan Dala, IT, Author Commented:
I'm sorry if I don't explain this well enough. I have a web server that needs to be accessible internally and externally. I've set up one NIC with an internal IP of I've added a default gateway of Now, for the NIC in the DMZ, I've set up an IP address of If I set another 'default gateway', I get the 'multiple gateways' warning message. I thought the only way to set the traffic to find both routes (internal and external) is by setting static routes through the command line. Is this accurate?

Thanks again.

Fred Marshall, Principal, Commented:
You haven't revealed what the OS is or the services that are running.
For example, is this Windows with Internet Connection Sharing and, therefore, the computer *is* the internet gateway for the LAN?
Just an example of how the question might be answered of course .......

From what you've said: is another device which is the internet gateway for the LAN.  
This computer doesn't *need* this gateway because the computer already has an internet connection.
So, perhaps you want the LAN NIC to have no gateway entered.
Then the public NIC will not only be the internet gateway for THIS computer but also will have its internet gateway address entered (likely from the ISP).
One is enough.

Then, packets from the LAN should be responded to on the LAN without a LAN gateway address.  The packets simply go out "on the wire" and reach their intended destination on the LAN.

If you run
route print (in Windows)
you should see a route: [the public NIC address]

Alan Dala, IT, Author Commented:
Removing the LAN default gateway and adding a gateway to the external one fixed the problem.
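
The check behind the `route print` advice above, as an added example that is not part of the original thread: it parses constructed `route print` IPv4 rows, counts default routes, and shows which NIC carries a given destination before and after the fix. Every address, including the second internal subnet 192.168.50.0/24, is an assumption made for illustration.

```python
import ipaddress

# Constructed `route print` IPv4 excerpts; every address here is illustrative.
BEFORE = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.10.1    192.168.10.20     25
          0.0.0.0          0.0.0.0      203.0.113.1     203.0.113.20     25
     192.168.10.0    255.255.255.0          On-link    192.168.10.20    281
      203.0.113.0    255.255.255.0          On-link     203.0.113.20    281
"""
# After the fix: LAN default gateway removed, one static route to a second internal subnet.
AFTER = """\
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      203.0.113.1     203.0.113.20     25
     192.168.10.0    255.255.255.0          On-link    192.168.10.20    281
     192.168.50.0    255.255.255.0     192.168.10.1    192.168.10.20     26
      203.0.113.0    255.255.255.0          On-link     203.0.113.20    281
"""

def parse_routes(text):
    """Parse IPv4 'Active Routes' rows; header and separator lines are skipped."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[1]}")
            metric = int(fields[4])
        except ValueError:
            continue
        routes.append({"net": net, "gateway": fields[2], "iface": fields[3], "metric": metric})
    return routes

def default_routes(routes):
    """Rows for 0.0.0.0/0; more than one is the 'multiple gateways' case."""
    return [r for r in routes if r["net"].prefixlen == 0]

def egress(routes, dst):
    """Interfaces tied for the best route to dst (longest prefix, then lowest metric)."""
    ip = ipaddress.ip_address(dst)
    hits = [r for r in routes if ip in r["net"]]
    rank = lambda r: (r["net"].prefixlen, -r["metric"])
    best = max(map(rank, hits), default=None)
    return sorted({r["iface"] for r in hits if rank(r) == best})

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, egress(parse_routes(table), "198.51.100.7"))
```

A two-interface result from `egress` means the table does not pin internet-bound traffic to one NIC; a single default route on the public NIC removes that tie while LAN destinations still resolve through the more specific on-link and static routes.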

Benjamin Van Ditmars, Sr Network Engineer, Commented:
What kinda firewall are you using? Because you're talking about a DMZ.
Normally use only one NIC, and make some access rules that will allow traffic from the LAN to the DMZ
and you're all set. Please don't put a Windows box on the internet. Put something like a reverse proxy server in front of it. Much more secure.